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DETAILED ACTION 

1 . Claims 1-88 are pending in this application. 

2. The Information Disclosure Statements filed on 1/2/2004, 4/13/2004, 4/20/2004, 
6/27/2005, 7/17/2006, and 12/5/2006 have been considered by the examiner. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 1-3, 6, 10-12, 15, 21-23, 26, 30-32, 35, 41-43, 46, 50-52, 55, 61-63, 66, 
78-80, and 83 are rejected under 35 U.S.C. 102(b) as being anticipated by Murphy (US 
6,226,744), hereafter "Murphy." 

5. Murphy is cited by the applicant in an IDS paper filed on 1/2/2004. 

6. Considering Claim 1, Murphy discloses a method for digital content access 
control (abstract, lines 1-5), comprising: determining digital content to be made 
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accessible via a rights locker (column 3, lines 35-36); determining enrollment 
authentication data (column 4, lines 1-7); sending a rights locker enrollment 
request to a rights locker provider (column 3, lines 35-36), said rights locker 
enrollment request comprising a digital content request and said enrollment 
authentication data (column 3, lines 35-36, column 4, lines 1-5); receiving one or 
more authenticated rights locker access requests in response to said sending 
(column 5, lines 55-60), said one or more authenticated rights locker access 
requests for subsequent use in accessing digital content associated with said 
rights locker (column 7, lines 26-28, column 6, lines 56-61); receiving an 
indication of a selection of one of said one or more authenticated rights locker 
access requests (column 3, lines 35-36, column 6, lines 50-54, requesting a PIN 
from the user establishes that the user is electing to retrieve the information 
requested from the server); sending said authenticated rights locker access 
request to a rights locker provider (column 3, lines 35-36); and receiving a result 
in response to said sending said authenticated rights locker access request 
(column 6, lines 46-47, the result is that the user is granted access to the 
restricted information). 



7. Considering Claim 10, Murphy discloses a method for digital content access 
control (abstract, lines 1-5), comprising: receiving a rights locker enrollment 
request from a user device associated with a user (column 3, lines 35-36), said 
rights locker enrollment request comprising a digital content request and 
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enrollment authentication data (column 3, lines 35-36, column 4, lines 1-5); 
determining whether said user is authorized (column 6, lines 8-1 1 and 43-49), 
said determining comprising determining the rights of said user to access said 
rights locker and the rights of said user to digital content specified by said digital 
content request (column 6, lines 1-7); if said user is authorized, initializing said 
rights locker with rights to said digital content (column 6, lines 43-47); obtaining 
one or more tokens that authenticate future access to a rights locker 
corresponding to said digital content (column 5, lines 55-60, column 6, lines 56- 
61); creating one or more authenticated rights locker access requests based at 
least in part on said one or more tokens (column 5, lines 55-60); sending said 
one or more authenticated rights locker access requests (column 3, lines 35-36); 
receiving an indication of a user selection of one of said one or more 
authenticated rights locker access requests (column 3, lines 35-36, column 6, 
lines 50-54, requesting a PIN from the user establishes that the user is electing 
to retrieve the information requested from the server); and accessing the 
contents of said rights locker according to a type of said rights token (column 7, 
lines 22-28, accessing content based on the SSN is shown, it is also shown that 
this could be done using tickets, certificates, or keys which can be read as 
tokens). 

8. Considering Claim 21, Murphy discloses a program storage device readable by a 
machine (column 4, lines 1-7), embodying a program of instructions executable 
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by the machine to perform a method for digital content access control (abstract, 
lines 1-5), the method comprising: determining digital content to be made 
accessible via a rights locker (column 3, lines 35-36); determining enrollment 
authentication data (column 4, lines 1-7); sending a rights locker enrollment 
request to a rights locker provider (column 3, lines 35-36), said rights locker 
enrollment request comprising a digital content request and said enrollment 
authentication data (column 3, lines 35-36, column 4, lines 1-5); receiving one or 
more authenticated rights locker access requests in response to said sending 
(column 5, lines 55-60), said one or more authenticated rights locker access 
requests for subsequent use in accessing digital content associated with said 
rights locker (column 7, lines 26-28, column 6, lines 56-61); receiving an 
indication of a selection of one of said one or more authenticated rights locker 
access requests (column 3, lines 35-36, column 6, lines 50-54, requesting a PIN 
from the user establishes that the user is electing to retrieve the information 
requested from the server); sending said authenticated rights locker access 
request to a rights locker provider (column 3, lines 35-36); and receiving a result 
in response to said sending said authenticated rights locker access request 
(column 6, lines 46-47, the result is that the user is granted access to the 
restricted information). 

9. Considering Claim 30, Murphy discloses a program storage device readable by a 
machine (column 4, lines 1-7), embodying a program of instructions executable 
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by the machine to perform a method for digital content access control (abstract, 
lines 1-5), the method comprising: receiving a rights locker enrollment request 
from a user device associated with a user (column 3, lines 35-36), said rights 
locker enrollment request comprising a digital content request and enrollment 
authentication data (column 3, lines 35-36, column 4, lines 1-5); determining 
whether said user is authorized (column 6, lines 8-1 1 and 43-49), said 
determining comprising determining the rights of said user to access said rights 
locker and the rights of said user to digital content specified by said digital 
content request (column 6, lines 1-7); if said user is authorized, initializing said 
rights locker with rights to said digital content (column 6, lines 43-47); obtaining 
one or more tokens that authenticate future access to a rights locker 
corresponding to said digital content (column 5, lines 55-60, column 6, lines 56- 
61); creating one or more authenticated rights locker access requests based at 
least in part on said one or more tokens (column 5, lines 55-60); sending said 
one or more authenticated rights locker access requests (column 3, lines 35-36); 
receiving an indication of a user selection of one of said one or more 
authenticated rights locker access requests (column 3, lines 35-36, column 6, 
lines 50-54, requesting a PIN from the user establishes that the user is electing 
to retrieve the information requested from the server); and accessing the 
contents of said rights locker according to a type of said rights token (column 7, 
lines 22-28, accessing content based on the SSN is shown, it is also shown that 
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this could be done using tickets, certificates, or keys which can be read as 
tokens). 

10. Considering Claim 41, Murphy discloses an apparatus for digital content access 
control (abstract, lines 1-5), comprising: means for determining digital content to 
be made accessible via a rights locker (column 3, lines 35-36); means for 
determining enrollment authentication data (column 4, lines 1-7); means for 
sending a rights locker enrollment request to a rights locker provider (column 3, 
lines 35-36), said rights locker enrollment request comprising a digital content 
request and said enrollment authentication data (column 3, lines 35-36, column 
4, lines 1-5); means for receiving one or more authenticated rights locker access 
requests in response to said sending (column 5, lines 55-60), said one or more 
authenticated rights locker access requests for subsequent use in accessing 
digital content associated with said rights locker (column 7, lines 26-28, column 
6, lines 56-61 ); means for receiving an indication of a selection of one of said one 
or more authenticated rights locker access requests (column 3, lines 35-36, 
column 6, lines 50-54, requesting a PIN from the user establishes that the user is 
electing to retrieve the information requested from the server); means for sending 
said authenticated rights locker access request to a rights locker provider 
(column 3, lines 35-36); and means for receiving a result in response to said 
sending said authenticated rights locker access request (column 6, lines 46-47, 
the result is that the user is granted access to the restricted information). 
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1 1 . Considering Claim 50, Murphy discloses an apparatus for digital content access 
control (abstract, lines 1-5), comprising: means for receiving a rights locker 
enrollment request from a user device associated with a user (column 3, lines 35- 
36), said rights locker enrollment request comprising a digital content request 
and enrollment authentication data (column 3, lines 35-36, column 4, lines 1-5); 
means for determining whether said user is authorized (column 6, lines 8-1 1 and 
43-49), said determining comprising determining the rights of said user to access 
said rights locker and the rights of said user to digital content specified by said 
digital content request (column 6, lines 1-7); means for if said user is authorized, 
initializing said rights locker with rights to said digital content (column 6, lines 43- 
47); obtaining one or more tokens that authenticate future access to a rights 
locker corresponding to said digital content (column 5, lines 55-60, column 6, 
lines 56-61); creating one or more authenticated rights locker access requests 
based at least in part on said one or more tokens (column 5, lines 55-60); 
sending said one or more authenticated rights locker access requests (column 3, 
lines 35-36); receiving an indication of a user selection of one of said one or 
more authenticated rights locker access requests (column 3, lines 35-36, column 
6, lines 50-54, requesting a PIN from the user establishes that the user is 
electing to retrieve the information requested from the server); and accessing the 
contents of said rights locker according to a type of said rights token (column 7, 
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lines 22-28, accessing content based on the SSN is shown, it is also shown that 
this could be done using tickets, certificates, or keys which can be read as 
tokens). 



12. Considering Claim 61, Murphy discloses an apparatus for digital content access 
control (abstract, lines 1-5), comprising: a memory for storing said digital content 
(Fig. 1- item 26); and a processor configured to: determine digital content to be 
made accessible via a rights locker (Figure 1- items 18, 22, and 24, column 3, 
lines 35-36); determine enrollment authentication data (column 4, lines 1-7); send 
a rights locker enrollment request to a rights locker provider (column 3, lines 35- 
36), said rights locker enrollment request comprising a digital content request 
and said enrollment authentication data (column 3, lines 35-36, column 4, lines 1- 
5); receive one or more authenticated rights locker access requests in response 
to said sending (column 5, lines 55-60), said one or more authenticated rights 
locker access requests for subsequent use in accessing digital content 
associated with said rights locker (column 7, lines 26-28, column 6, lines 56-61); 
receive an indication of a selection of one of said one or more authenticated 
rights locker access requests (column 3, lines 35-36, column 6, lines 50-54, 
requesting a PIN from the user establishes that the user is electing to retrieve the 
information requested from the server); send said authenticated rights locker 
access request to a rights locker provider (column 3, lines 35-36); and receive a 
result in response to said sending said authenticated rights locker access request 
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(column 6, lines 46-47, the result is that the user is granted access to the 
restricted information). 

13. Considering Claim 78, Murphy discloses an apparatus for digital content access 
control (abstract, lines 1-5), comprising: a memory for storing one or more rights 
lockers that describe digital content access rights (Fig. 1- item 26); and a 
processor configured to: receive a rights locker enrollment request from a user 
device associated with a user (Figure 1- items 18, 22, and 24, column 3, lines 35- 
36), said rights locker enrollment request comprising a digital content request 
and enrollment authentication data (column 3, lines 35-36, column 4, lines 1-5); 
determine whether said user is authorized (column 6, lines 8-1 1 and 43-49), said 
determining comprising determining the rights of said user to access said rights 
locker and the rights of said user to digital content specified by said digital 
content request (column 6, lines 1-7); if said user is authorized, initialize said 
rights locker with rights to said digital content (column 6, lines 43-47); obtain one 
or more tokens that authenticate future access to a rights locker corresponding to 
said digital content (column 5, lines 55-60, column 6, lines 56-61); create one or 
more authenticated rights locker access requests based at least in part on said 
one or more tokens (column 5, lines 55-60); send said one or more authenticated 
rights locker access requests (column 3, lines 35-36); receive an indication of a 
user selection of one of said one or more authenticated rights locker access 
requests (column 3, lines 35-36, column 6, lines 50-54, requesting a PIN from the 
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user establishes that the user is electing to retrieve the information requested 
from the server); and access the contents of said rights locker according to a 
type of said rights token (column 7, lines 22-28, accessing content based on the 
SSN is shown, it is also shown that this could be done using tickets, certificates, 
or keys which can be read as tokens). 

14. Considering Claims 2, 11, 22, 31, 42, 51, 62, and 79, Murphy discloses digital 
content request comprises a request for initializing said rights locker with rights to 
specified digital content (column 3, lines 35-36). 

15. Considering Claims 3, 12, 23, 32, 43, 52, 63, and 80, Murphy discloses 
enrollment authentication data comprises: rights locker access authentication 
data for determining what rights, if any, said user has to access said rights locker 
(column 6, lines 43-47); and rights content access authentication data for 
determining what rights, if any, said user has to digital content associated with 
said rights locker (column 6, lines 43-47). 

16. Considering Claims 6, 15, 26, 35, 46, 55, 66, and 83, Murphy discloses 
enrollment authentication data comprises a reenrollment key determined in a 
previous enrollment request for said rights locker (column 7, lines 22-28), said 
reenrollment key for supplementing or replacing enrollment authentication data of 
said previous enrollment request (column 6, lines 56-61, column 7, lines 22-28). 
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17. Considering Claim 67, Murphy discloses apparatus comprises a smart card 
(abstract, lines 1-5). 

Claim Rejections - 35 USC § 103 

18. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

19. Claims 4, 5, 13, 14, 16, 24, 25, 33, 34, 36, 44, 45, 53, 54, 56, 64, 65, 81, 82, and 

84 are rejected under 35 U.S.C. 103(a) as being unpatentable over Murphy in view of 
Hendrick (US 7,083,095), hereafter "Hendrick." 

20. Considering Claims 4, 13, 24, 33, 44, 53, 64, and 81, Murphy does not disclose 
rights locker access authentication data comprises payment for use of a rights 
locker service. 

Hendrick does disclose rights locker access authentication data comprises 
payment for use of a rights locker service (column 1 1 , lines 44-62). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the teachings of Murphy with the 
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payment method taught by Hendrick in order to protect the rights of creators and 
publishers along with their content, collect their payments, and maintain their 
profits while providing consumers with easier access to content and lower prices 
(Hendrick- column 13, lines 7-10). 

21 . Considering Claims 5, 14, 25, 34, 45, 54, 65, and 82, Murphy does not disclose 
rights content access authentication data comprises payment for rights deposited 
in said rights locker. 

, Hendrick does disclose rights content access authentication data comprises 
payment for rights deposited in said rights locker (column 13, lines 7-10). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the teachings of Murphy with the 
payment method taught by Hendrick in order to protect the rights of creators and 
publishers along with their content, collect their payments, and maintain their 
profits while providing consumers with easier access to content and lower prices 
(Hendrick- column 13, lines 7-10). 

22. Considering Claims 16, 36, 56, and 84, Murphy does not disclose determining 
comprises determining whether said user is entitled to become an enrolled user 
based at least in part on whether payment for use of the rights locker service 
succeeds. 
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Hendrick does disclose determining comprises determining whether said user is 
entitled to become an enrolled user based at least in part on whether payment for 
use of the rights locker service succeeds (column 13, lines 11-14). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the teachings of Murphy with the 
payment method taught by Hendrick in order to protect the rights of creators and 
publishers along with their content, collect their payments, and maintain their 
profits while providing consumers with easier access to content and lower prices 
(Hendrick- column 13, lines 7-10). 

23. Considering Claims 17, 37, 57, and 85, Murphy does not disclose determining 
whether an enrolled user is entitled to populate said rights locker with rights to 
said digital content based at least in part on whether payment for said rights 
succeeds. 

Hendrick does disclose determining whether an enrolled user is entitled to 
populate said rights locker with rights to said digital content based at least in part 
on whether payment for said rights succeeds (column 13, lines 1 1-14). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the teachings of Murphy with the 
payment method taught by Hendrick in order to protect the rights of creators and 
publishers along with their content, collect their payments, and maintain their 
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profits while providing consumers with easier access to content and lower prices 
(Hendrick- column 13, lines 7-10). 

24. Claims 7, 18, 27, 38, 47, 58, 75, and 86 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Murphy in view of Mohler (US 6,601,173). 

25. Considering Claims 7, 18, 27, 38, 47, 58, 75, and 86, Murphy does not disclose 
storing at least part of said one or more authenticated rights locker access 
requests in a bookmark on a user device. 

Mohler does disclose storing at least part of said one or more authenticated 
rights locker access requests in a bookmark on a user device (abstract, lines 19- 
30). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the teachings of Murphy with a 
bookmark to store user authentication information as taught by Mohler for the 
benefit of automating the user's access to a particular website. The user, already 
having been password admitted, simplyclicks on the desired bookmark and the 
computer system automatically access the identified Internet website without 
further input from the user (Mohler- abstract, lines 26-30). 

26. Claims 8, 19, 28, 39, 48, 59, 76, and 87 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Murphy in view of Steven W. Disbrow. Use cookies to 
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maintain state in Web applications. Active Server Developer's Journal. Louisville: 
Sep 2000. Vol. 4. Iss. 9; pg. 7, 3 pgs. Hereafter "Disbrow." 

27. Considering Claims 8, 19, 28, 39, 48, 59, 76, and 87, Murphy does not disclose 
one or more authenticated rights locker access requests are embedded in a Web 
cookie. 

Disbrow does disclose one or more authenticated rights locker access requests 
are embedded in a Web cookie (Full Text, 3, lines 2-4). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the teachings of Murphy with using 
cookies to imbed personal information as taught by Disbrow for the benefit of 
remembering a particular visitor so that forms he filled out, selections and 
preferences he made, and other personalized information wouldn't have to be re- 
entered each time he visited the site (Disbrow- Full Text, 3, lines 2-4) 

28. Claims 9, 20, 29, 40, 49, 60, 77, and 88 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Murphy in view of Weissman (US 2002/0156905), hereafter 
"Weissman." 

29. Considering Claims 9, 20, 29, 40, 49, 60, 77, and 88, Murphy does not disclose 
one or more authenticated rights locker access requests are encapsulated in an 
HTTP Response message. 
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Weissman does disclose one or more authenticated rights locker access 
requests are encapsulated in an HTTP Response message ([0035] lines 10-22, 
[0036]). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the teachings of Murphy with 
encapsulating user authentication information in a http response message as 
taught by Weissman for the benefit of appending authentication credentials 
stored in the logon database and other information extracted from the previously 
received HTTP responses. 

30. Claims 68-74 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Murphy. 

31 . Considering Claims 68-74, Murphy does not explicitly disclose a wide range of 
different types of smart cards. 

Murphy does disclose a smart card is a device that is typically the size of a credit 
card, having a microprocessor and limited storage memory (column 2, lines 46- 
48). 

Therefore, it would have been obvious at the time of the invention to use 
Murphy with the wide range of different types of smart cards for the benefit of 
having a system that is usable on a wide variety of designs and platforms. 
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Conclusion 



32. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 



■ US 6,308,274 - Least privilege using tokens. 

33. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Randal D. Moran whose telephone number is 571-270- 
1255. The examiner can normally be reached on M-F: 7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



US 5,991,878 



Controlling access to Information. 



US 6,212,634 



Certifying authorization in computer networks using smart 



cards. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Randal D. Moran 




